Belgium joins No More Ransom

Feb 12, 2018

The Belgian Federal Police is releasing free decryption keys for the Cryakl ransomware, working in close c-operation with Kaspersky Lab.
The keys were obtained during an ongoing investigation. By sharing the keys with No More Ransom the Belgian Federal Police becomes a new associate partner of the project — the second law enforcement agency to do so after the Dutch National Police.

In the last few years, ransomware has eclipsed most other cyber threats, with global campaigns now indiscriminately affecting organisations across multiple industries in both the public and private sectors, as well as consumers. One of the most effective ways to fight ransomware is to prevent it, which is why No More Ransom was launched more than a year ago.

When the Belgian Federal Computer Crime Unit (FCCU) discovered that Belgian citizens had been victims of the Cryakl ransomware, it was able to locate a command and control server in one of Belgium’s neighbouring countries. Led by the federal prosecutor’s office, the Belgian authorities seized this and other servers while forensic analysts worked to retrieve the decryption keys.

Kaspersky Lab provided technical expertise to the Belgian federal prosecutor and has now added these keys to the No More Ransom portal on behalf of the Belgian Federal Police. This will allow victims to regain access to their encrypted files without having to pay the criminals.

The Belgian authorities are continuing with their investigation.

“Our regular advice in the case of ransomware attacks is: please don’t pay the ransom,” says Jornt van der Wiel, security researcher in the Global Research and Analysis Team at Kaspersky. “A number of cyber security experts work worldwide to help the victims, creating new, previously non-existent tools for decryption.

“Free decryption keys for Cryakl ransomware can be considered as proof of this policy and yet another reminder that there is always a chance of winning in the fight with criminals.”

Since the launch of the No More Ransom portal in July 2016, almost 1,6-million people from more than 180 countries have accessed the website, available in 29 languages with Estonian as the most recent addition.

There are now 52 free decryption tools on www.nomoreransom.org, which can be used to decrypt 84 ransomware families. CryptXXX, CrySIS and Dharma are the most detected infections. More than 35 000 people have managed to retrieve their files for free, which has prevented criminals from profiting from more than 10-million Euros.

The number of partners working together on No More Ransom has risen to more than 120, including more than 75 internet security companies and other private partners. The Cypriot and Estonian police forces are the latest law enforcements agencies to join. KPN, Telenor and The College of Professionals in Information and Computing (CPIC) have also joined as new private sector partners.